Categories: MalwareSecurity

Deep Panda hacking team targeting US experts on Iraq

Researchers at CrowdStrike reveal that hacking team dubbed Deep Panda is targeting US think thank firms with a significant knowledge on the Iraqi situation.

CrowdStrike security firm revealed that a group of hackers, suspected to be linked to the Chinese cyber army, began targeting PCs belonging to think thank firms which are analyzing the Iraqi situation. Experts at CrowdStrike believe that the bad actor behind the attacks is the same who for years targeted US experts on Asian geopolitical matters.  Experts at CrowdStrike declined to identify the companies which were targeted by the hackers.

The group, dubbed “Deep Panda”, is well known to the cyber security community, during  the past years it has targeted defense, financial and other industries in the US. The group used for its attacks many exploits distributing through the execution of a “drive-by download exploit” different malware, including the popular Poison Ivy.

In the past the hackers mainly targeted Intelligence experts working on Southeast Asian affairs, including government experts and former officials.

CrowdStrike co-founder Dmitri Alperovitch declared that he has “great confidence” that bad actors are state-sponsored hackers, but he hasn’t provided further details on the investigation conducted by his team of experts.

As explained in the blog post published by CrowdStrike, think tank companies aren’t adopting necessary countermeasures to mitigate cyber threats despite the high confidential information they manage.

“Despite this high threat level, these think tanks are organized as non-profits and often do not have the budgets of commercial organizations to afford cutting-edge security technologies that can help them effectively detect these threats.” reports CrowdStrike.

Experts at CrowdStrike noted a surge of the activities of the group of hackers in concomitants of the attacks, occurred in June 18th, to the Iraq’s Baiji oil refinery by ISIS (Islamic State of Iraq and the Levant) militants. Alleged chinese hackers started a cyber espionage campaign which targeted PCs of US think tank experts who were experts on the Iraqi crisis.

The explanation of the great interest in  the Iraqi crisis is that the country is one of the principal oil producers, it is “the fifth-largest source of crude for China, while China is the largest foreign investor in Iraq’s oil infrastructure” as reported by the Reuters agency.

“This actor, who was engaged in targeting and collection of Southeast Asia policy information, suddenly began targeting individuals with a tie to Iraq/Middle East issues. This is undoubtedly related to the recent Islamic State of Iraq and the Levant (ISIS) takeover of major parts of Iraq and the potential disruption for major Chinese oil interests in that country. In fact, Iraq happens to be the fifth-largest source of crude oil imports for China and the country is the largest foreign investor in Iraq’s oil sector. ” said CrowdStrike.

Local disorders could have a serious impact on the oil exports, for this reason Chinese Government is monitoring the evolution of the insurrection in the region. According to the experts of the security company the hacking group is one of the most sophisticated of the 30 it tracks in China, its cyber espionage campaigns are conducted with impressive efficiency making hard their detection and the attribution to state-sponsored hackers.

The analysis provided by CrowdStrike is the demonstration that Governments are increasing the practice of state-sponsored hacking to collect sensitive information on events that could have a serious repercussion on the economy, the security and politics of a country. Hacking groups like Deep Panda represent a menace for every industry as explained by the experts.

“DEEP PANDA presents a very serious threat not just to think tanks, but also multinational financial institutions, law firms, defense contractors, and government agencies. Due to their stellar operational security and reliance on anti-forensic and anti-IOC detection techniques, detecting and stopping them is very challenging” states the report.

Pierluigi Paganini

Security Affairs –  (CrowdStrike, Iraq, DEEP PANDA)0

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Texas Department of Transportation (TxDOT) data breach exposes 300,000 crash reports

Hackers breached Texas DOT (TxDOT), stealing 300,000 crash reports with personal data from its Crash…

5 hours ago

SAP June 2025 Security Patch Day fixed critical NetWeaver bug

SAP fixed a critical NetWeaver flaw that let attackers bypass authorization and escalate privileges. Patch…

8 hours ago

U.S. CISA adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws…

12 hours ago

Mirai botnets exploit Wazuh RCE, Akamai warned

Mirai botnets are exploiting CVE-2025-24016, a critical remote code execution flaw in Wazuh servers, Akamai…

15 hours ago

China-linked threat actor targeted +70 orgs worldwide, SentinelOne warns

China-linked threat actor targeted over 70 global organizations, including governments and media, in cyber-espionage attacks…

18 hours ago

DOJ moves to seize $7.74M in crypto linked to North Korean IT worker scam

US seeks to seize $7.74M in crypto linked to North Korean fake IT worker schemes,…

1 day ago